[strongSwan] strongswan: charon not reacting for higher major version in IKE header
gowrishankar
gowrishankar.m at linux.vnet.ibm.com
Sat Jun 30 09:13:11 CEST 2012
strongSwan libcharon is found not to react to an invalid (or
higher) major version in the IKE header of a received packet.
As per RFC 4306 Section 2.5:

   If an endpoint receives a message with a higher major version number,
   it MUST drop the message and SHOULD send an unauthenticated
   notification message containing the highest version number it
   supports.

and RFC 5996 Section 2.5 clarifies the notification message type as
"INVALID_MAJOR_VERSION". Although the current implementation has a
portion of code for this in libcharon/network/receiver.c, it is not
executed when sending an IKE_SA_INIT request with an invalid major
version (and I am not seeing any debug info in charon.log for the
received packet from the net or enc threads).
I tested with strongSwan based on 4.6.
Can someone have a look at this?
Thanks,
Gowri Shankar
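
The check that RFC 4306/5996 Section 2.5 describes, as an added example that is not part of the original post and is not strongSwan code: it reads the major version from the fixed 28-byte IKE header and, for a higher version, builds the unauthenticated INVALID_MAJOR_VERSION notification. The function name, return convention, and the choice not to answer messages flagged as responses are assumptions of this sketch; the sample header in main() is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IKE_HDR_LEN            28
#define NOTIFY_LEN             8
#define IKEV2_MAJOR            2    /* highest major version supported here */
#define PAYLOAD_NOTIFY         41
#define INVALID_MAJOR_VERSION  5
#define FLAG_INITIATOR         0x08
#define FLAG_RESPONSE          0x20

/* Hypothetical helper. Returns 0 when the major version is not higher than
 * ours, -1 to drop silently (truncated header or a response), otherwise the
 * length of the notification written to out; the input is dropped either way. */
int check_major_version(const uint8_t *in, size_t in_len,
                        uint8_t *out, size_t out_len)
{
    if (in_len < IKE_HDR_LEN)
        return -1;
    uint8_t major = in[17] >> 4;           /* high nibble of the version octet */
    if (major <= IKEV2_MAJOR)
        return 0;                          /* this check does not apply */
    if ((in[19] & FLAG_RESPONSE) || out_len < IKE_HDR_LEN + NOTIFY_LEN)
        return -1;                         /* assumption: never answer a response */

    memset(out, 0, IKE_HDR_LEN + NOTIFY_LEN);
    memcpy(out, in, 16);                   /* echo initiator and responder SPIs */
    out[16] = PAYLOAD_NOTIFY;              /* next payload */
    out[17] = IKEV2_MAJOR << 4;            /* highest version we support, minor 0 */
    out[18] = in[18];                      /* same exchange type */
    out[19] = FLAG_RESPONSE | (~in[19] & FLAG_INITIATOR);
    memcpy(out + 20, in + 20, 4);          /* same message ID */
    out[27] = IKE_HDR_LEN + NOTIFY_LEN;    /* total length, big-endian */
    /* Notify payload: next=0, flags=0, length=8, protocol=0, SPI size=0, type */
    out[31] = NOTIFY_LEN;
    out[35] = INVALID_MAJOR_VERSION;
    return IKE_HDR_LEN + NOTIFY_LEN;
}

int main(void)
{
    uint8_t req[IKE_HDR_LEN] = {0}, rsp[64];   /* constructed header, major = 3 */
    req[17] = 0x30; req[18] = 34; req[19] = FLAG_INITIATOR; req[27] = IKE_HDR_LEN;
    int n = check_major_version(req, sizeof req, rsp, sizeof rsp);
    printf("reply length %d, notify type %d\n", n, n > 0 ? rsp[35] : -1);
    return 0;
}
```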